WordPress Shows Login Page For Entire Site

Today, I had an unpleasant experience. When I tried to access my site, I was presented with a peculiar login page. No page was accessible. Even the wp-admin.php page was blocked out by the login page. There was only one input box for the password (see image).

password

A study of the source code of the login page showed the following:


Password:  

I thought my site was hacked and launched a search in all the known places. I also carefully studied the access.log and the error.log to see I could detect some abnormal activity.

Then, I thought I would use the find text function in SSH to flush out the offending file.

I used the command:


grep -r -H “various_search_terms” *

The Grep command looks for the “various_search_terms” recursively (-r option) and provides the result in human readable format (-H option) in all (*) files under the current working directory (see more here).

However, even this did not help.

I even checked the MySql database to see if that had somehow been hacked.

I even checked the theme pages carefully to see if they had been hacked somehow.

Ultimately, it occurred to me that a plugin might have been corrupted. To test the theory, I renamed the entire “wp-content/plugins” directory to stop the plugins from being loaded.

That did the trick. The site opened and I knew where the fault was.

After that it was a laborious exercise of disabling each individual plugin by renaming its folder and checking whether it was the culprit.

Finally, I zeroed in on JetPack. It was the culprit.

I disabled it, logged into wp-admin and deleted it. Then I reinstalled a fresh copy.

Now, everything works as normal. It is, however, still a big mystery where the log-in page came from. I scanned the entire offending JetPack folder but couldn’t find it. I also don’t see how a corrupt plugin can throw up a login page.

You May Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *